ICND2: Interconnecting Cisco Networking Devices Part 2 (legacy) — Question 111
In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
Answer options
- A. Access control lists on file servers
- B. Elimination of shared accounts
- C. Group-based privileges for accounts
- D. Periodic user account access reviews
Correct answer: D
Explanation
The correct answer is D, as conducting periodic user account access reviews helps ensure that each alert can be traced back to a specific user, enhancing accountability. Options A, B, and C do not provide direct correlation between alerts and individual users, which is essential for compliance with auditing standards.